§01 Data Collection, Processing & Retention
The Entity doth hereby disclose, notify, and affirm that in the ordinary course of the rendition of its services it may collect, process, and retain, for durations reasonably proportionate to the purposes for which the same were collected, the following categories of information: (i) identification data voluntarily tendered by the user (name, electronic mail address, postal address, telephonic contact, payment instrument credentials via the Stripe payment facility); (ii) device and session telemetry (Internet Protocol address, user-agent string, cookie identifiers set by the Entity or by its duly contracted processors, and aggregated interaction logs); (iii) transactional particulars (items ordered, invoices raised, amounts tendered, dates of rendition); and (iv) such further categories as the user may expressly submit for a specified purpose. Collection shall occur only upon a lawful basis cognizable under United States federal or state privacy law (including, where applicable, the California Consumer Privacy Act and the California Privacy Rights Act, as amended); no biometric identifier, no precise geolocation, and no sensitive category of personal information shall be collected save upon affirmative, particular, and revocable consent.
Here's what we collect and why: the info you give us (name, email, address, payment details via Stripe); basic web telemetry (IP address, cookies, session logs); records of your orders and payments; and anything else you choose to send us. We only collect this if we have a lawful reason under US privacy law (including California's CCPA/CPRA). We don't collect your biometrics, precise location, or sensitive personal data unless you explicitly opt in — and you can revoke that opt-in.
§02 Third-Party Processors & Disclosure
The Entity may, in aid of the efficient prosecution of its commercial objects, engage duly contracted processors (including, by way of non-exclusive example, Stripe, Inc., for the processing of electronic payments; common-carrier cloud infrastructure providers for hosting and storage; analytic providers for the aggregation of de-identified telemetry; and counsel of record for the handling of regulatory correspondence), each of which shall be bound by written instrument to standards of confidentiality, security, and restricted-purpose use not less rigorous than those to which the Entity itself adheres. Save as may be compelled by lawful process issued by a court or agency of competent jurisdiction, or as may be necessary for the prevention, detection, or prosecution of fraud or criminality, the Entity shall not disclose, transfer, sell, or otherwise alienate any user data to any unaffiliated third party.
We use a handful of vendors to run the business: Stripe (payments), cloud hosts, analytics providers, outside counsel. Each one is under a contract that holds them to at least the same privacy and security standards we follow. We don't sell your data. We only share it outside these vendors if a court or agency legally compels us, or if it's needed to stop fraud or a crime.
Processor | Function | Data category
Stripe, Inc. | Payment processing | Name · card credentials · transaction records
Cloud infrastructure (US-hosted) | Hosting · storage · backups | Account data · session logs · encrypted media
De-identified analytics | Aggregate telemetry | IP address · device class · page events (hashed)
Outside counsel | Regulatory · data-subject correspondence | Minimum necessary for the matter
§03 California Consumer Rights (CCPA & CPRA)
Consumers resident in the State of California, as the term is given meaning by the California Consumer Privacy Act of 2018 (Civ. Code §1798.100 et seq.), as amended by the California Privacy Rights Act of 2020, do, by operation of the said statutes and not by grant of the Entity, enjoy the rights to know, to access, to correct, to delete, to limit the processing of sensitive personal information, to opt-out of the sale or sharing of personal information (which latter the Entity does not perform), and to non-discrimination in respect of the exercise thereof. Verifiable consumer requests in respect of any of the foregoing may be tendered to the Entity by electronic mail at info@lksbrothers.com, and shall be honoured within the periods prescribed by the said statutes.
If you live in California, the CCPA and CPRA give you the right to: know what we have on you, see it, correct it, delete it, limit how we use sensitive personal info, opt out of any "sale" or "share" (we don't do either), and not be punished for asking. Send a request to info@lksbrothers.com and we'll handle it within the time the law allows.
§04 HIPAA Alignment (Angel Ai, Clinical Software)
Angel Ai, being the clinical-software division of the Entity, operates in material alignment with the privacy, security, and breach-notification rules promulgated under the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. §1320d et seq.) and its implementing regulations at 45 C.F.R. Parts 160 and 164. Where the Entity, by and through the Angel Ai division, acts in the capacity of a "business associate" as the term is given meaning by 45 C.F.R. §160.103, the Entity shall execute and perform a written Business Associate Agreement with each covered entity, shall process Protected Health Information solely to the extent necessary for the authorised purposes, shall maintain administrative, physical, and technical safeguards not less than the Security Rule prescribes, and shall notify the affected covered entity of any breach or suspected breach of unsecured Protected Health Information within the periods and by the means specified in Subpart D of Part 164. Deployment of Angel Ai models is, by default, on-premise or within the covered entity's own cloud tenancy; no Protected Health Information leaves the covered entity's control without its express, written, and purpose-limited authorisation.
Angel Ai is the clinical software part of our business. When we handle Protected Health Information (PHI) on behalf of a hospital or clinic, we sign a Business Associate Agreement (BAA) with them, follow HIPAA's Privacy, Security, and Breach Notification Rules exactly, and only use PHI for the agreed purpose. Angel Ai models run on-premise or inside the hospital's own cloud by default — PHI doesn't leave their control unless they tell us, in writing, that it can.
Breach notification window
In the event of a breach or suspected breach of unsecured Protected Health Information, the Entity shall notify the affected covered entity without unreasonable delay and in no case later than sixty (60) calendar days after discovery, pursuant to 45 C.F.R. §164.410.
If PHI is ever breached or we even suspect a breach, we notify the hospital or clinic within 60 days — sooner if we can. That matches the HIPAA rule at 45 C.F.R. §164.410.
§05 Retention, Deletion & Security
Personal information shall be retained by the Entity solely for such period as is reasonably necessary for the fulfilment of the purposes for which it was collected, for the satisfaction of legal, accounting, or regulatory obligations, or for the establishment, exercise, or defence of legal claims; upon the expiry of the said period, the information shall be deleted, anonymised, or otherwise rendered irrecoverable by such technical means as are in accordance with the industry standard at the material time. The Entity implements appropriate administrative, physical, and technical safeguards, including encryption in transit and at rest, role-based access controls, and periodic independent security review, to protect personal information against unauthorised access, disclosure, alteration, or destruction.
We keep your data only as long as we need it — to do the job you paid us for, to meet a legal or tax obligation, or to defend a claim. When that window closes, we delete or anonymise it. While we hold it, it's encrypted in transit and at rest, access is role-limited, and we get security reviews done by independent parties.